Stopping a good DDoS attack isn't easy, but there are good products out
there that are designed to do just that. However, there are a lot of
products that claim to have 'DDoS' protection, but they really just
offer some form of connection-based rate limiting or limited "proxy on"
service. Some products have added the label for marketing reasons, but
don't really have anything.

The only device I've seen that really protects against this is the Top
Layer IPS 5500. Other IPS products have good content-filtering and
signature libraries, but you didn't ask for that.

When IP (Source) addresses are spoofed, is there no way of determining
(a) that the IP Source Address is spoofed and not the genuine one (b) to
be able to determine the actual IP address that is sending DoS packets?

Somehow I get the feeling I'm SOL when trying to find out the
"genuine/actual" source IP address.

If this is the case, then pretty much we all are helpless with DoS/DDoS
attacks - considering one can write a script/program to keep
incrementing or randomly assigning spoofed source addresses in the DoS
packets being sent out.
